OTPulse

Moxa CVE-2024-12297: Frontend Authorization Logic Disclosure Vulnerability Identified in PT Switches

Plan PatchCVSS 9.2MPSA-241408Mar 6, 2025
Moxa
Summary

Moxa PT switches contain an authentication bypass vulnerability in their authorization mechanism. Despite client-side and back-end server verification, flaws in the implementation allow attackers to exploit CWE-656 (Reliance on Security Through Obscurity). Attackers can use brute-force attacks or MD5 collision techniques to forge authentication hashes and gain unauthorized access to device configuration, potentially allowing them to modify network settings, disable features, or disrupt communications to downstream industrial equipment.

What this means
What could happen
An attacker can bypass authentication on Moxa PT switches and gain unauthorized access to device configuration and management interfaces. This could allow an attacker to alter network settings, disable safety features, or disrupt communications to downstream industrial equipment.
Who's at risk
Moxa PT industrial Ethernet switches are used for network connectivity in water treatment, power distribution, manufacturing, and other critical infrastructure environments. This vulnerability affects any organization using PT switches (all versions) for industrial network management and switching.
How it could be exploited
An attacker on the network can send crafted authentication requests to the PT switch's management interface. By exploiting weaknesses in the authorization logic—such as MD5 hash collisions or weak credential validation—the attacker can bypass authentication and gain administrative access without valid credentials.
Prerequisites
  • Network access to the PT switch's management interface (typically port 80/443)
  • Access to craft HTTP requests to the device
  • No valid credentials required
Remotely exploitableNo authentication requiredLow complexityNo patch availableAffects network infrastructure
Exploitability
Unlikely to be exploited — EPSS score 0.2%
Affected products (1)
ProductAffected VersionsFix Status
PT SwitchesAll versionsNo fix (EOL)
Remediation & Mitigation
0/4
Do now
0/2
HARDENINGRestrict network access to the PT switch management interface using firewall rules—only allow management traffic from authorized engineering workstations or jump servers
WORKAROUNDIf possible, disable remote management access and use only local console access for administration
Schedule — requires maintenance window
0/1

Patching may require device reboot — plan for process interruption

HARDENINGMonitor for and log all authentication attempts to the PT switch management interface; alert on repeated failed attempts
Mitigations - no patch available
0/1
PT Switches has reached End of Life. The vendor will not release a patch. Apply the following compensating controls:
HARDENINGImplement network segmentation to isolate PT switches on a dedicated management VLAN with strict access controls
View full Moxa Security advisory
API: /api/v1/advisories/ef9cd001-fc9a-423f-8c5f-32f9d86a58ab

Get OT security insights every Tuesday

Advisory breakdowns, a weekly summary, and incident analyses for the people actually defending OT environments. Free, no account required.

Moxa CVE-2024-12297: Frontend Authorization Logic Disclosure Vulnerability Identified in PT Switches | CVSS 9.2 - OTPulse